Whenever we encrypt any data, we need a simple key just to unlock it. Well, this key is everything. This key is the foundation of the security on the user’s front. And keeping it safe and secure is one of the most important tasks that a user needs to carry out on their end. A way of doing this is to create a backup of the key at different locations. This will eventually help in easing out the process of recovering the files in case they are lost. Just to remind you that EFS file encryption only works on the Pro, Enterprise and Education editions of Windows 11 and Windows 10. Users of Windows 11/10 Home are unsupported for this feature.
We have seen how to encrypt or decrypt data with EFS Encryption. Now let us see how to backup your EFS encryption key.
How to backup EFS encryption key
First of all, make sure that you have some files encrypted with EFS before you try to back up a key for it.
1: Using the Certificates Manager
Here, start by opening the Certificates Manager. You can do it by searching for it in the Cortana Search box or just hit WINKEY + R combination to launch start and type in certmgr.msc and then hit Enter.
On the left pane of the Certificates Manager, expand the folder called Personal. Click on the folder called as Certificates.
Now, on the right side panel, you will see the Certificates issues on this computer. Right click on the one issued to your account.
Click on All Tasks > Export…
It will now open another window welcoming you to the Certificate Export Wizard. Click on Next to continue.
Now click on the radio button labeled as Yes, export the private key and then click on Next.
Now, select the radio button labeled as Personal Information Exchange – PKCS #12(.PFX)and the checkbox labeled as Enable certificate privacy and Include all certificates in the certification path if possible.
Finally, click on Next.
Now, it is recommended to protect this backup with a password. Click on the checkbox labeled for Password and enter your password accordingly and then click Next.
Choose the path where you need to save this backup, and then click on Next.
It will now give you a summary of all the exporting details of the EFS Encryption Key. Click on Finish to export it successfully.
You will get a prompt that the export was now successful.
Now, you can take away that file with you anywhere to keep it safe.
2: Using the Command Prompt
Start by pressing WINKEY + X button combo or right-click on the Start button and click on Command Prompt (Admin) or just search for cmd in the Cortana search box, right click on the Command Prompt icon and click on Run as Administrator.
Now, if you wish to get a backup a key of an encrypted file using EFS on Windows 10/8/7, type in the following command, and hit Enter-
cipher /x "%UserProfile%\Desktop\EFSCertificates"
You will now get a prompt confirming if you are sure if you want to back up the certificates associated to your files encrypted with EFS Encryption. Click on OK.
It will work as you to enter a password to protect your .PRX file from unauthorized users. Enter the password and hit Enter.
Now, enter the same password to confirm it and then hit Enter.
Finally, a file named as EFSCertificates.PRX will be saved on to your Desktop.
3: Using the Certificate Export Wizard from the list of System Icons
Now after your files have been encrypted, a small icon will appear in the system icons on the bottom right portion of the screen.
Click on Back up now (recommended).
Now the Certificate Export Wizard will open up just as in Method 1.
Follow the steps as described above carefully, and you will be able to back up your EFS Encryption Certificate successfully.